ProjectAccessHandler: Check for CLA before creating changes If contributor agreements were enabled and required for a project, and the user had not signed a CLA, it was still possible to upload changes for review on refs/meta/config by making changes in the project access editor and pressing "Save for Review". Change-Id: I2a3d51ac6f7a1b423f4c801318d33234ca877c67

commit: 5cd45d4088b0ed32bb6b2483b7b5038f75792120 [log] [tgz]
author: David Pursehouse <dpursehouse@collab.net> Tue Sep 27 11:44:27 2016 +0900
committer: David Pursehouse <dpursehouse@collab.net> Tue Sep 27 11:46:01 2016 +0900
tree: 3e90b9c3c6075edc14aace4e0fd4a93a196561af
parent: d605babc37b7d0af183715de78052ca554659d21 [diff]
diff --git a/gerrit-httpd/src/main/java/com/google/gerrit/httpd/rpc/project/ProjectAccessHandler.java b/gerrit-httpd/src/main/java/com/google/gerrit/httpd/rpc/project/ProjectAccessHandler.java
index 4a01128..111dfc9 100644
--- a/gerrit-httpd/src/main/java/com/google/gerrit/httpd/rpc/project/ProjectAccessHandler.java
+++ b/gerrit-httpd/src/main/java/com/google/gerrit/httpd/rpc/project/ProjectAccessHandler.java

@@ -18,11 +18,13 @@
 
 import com.google.common.base.MoreObjects;
 import com.google.gerrit.common.data.AccessSection;
+import com.google.gerrit.common.data.Capable;
 import com.google.gerrit.common.data.GroupReference;
 import com.google.gerrit.common.data.Permission;
 import com.google.gerrit.common.data.PermissionRule;
 import com.google.gerrit.common.errors.InvalidNameException;
 import com.google.gerrit.common.errors.NoSuchGroupException;
+import com.google.gerrit.common.errors.PermissionDeniedException;
 import com.google.gerrit.common.errors.UpdateParentFailedException;
 import com.google.gerrit.extensions.restapi.AuthException;
 import com.google.gerrit.extensions.restapi.ResourceConflictException;
@@ -89,10 +91,15 @@
   @Override
   public final T call() throws NoSuchProjectException, IOException,
       ConfigInvalidException, InvalidNameException, NoSuchGroupException,
-      OrmException, UpdateParentFailedException {
+      OrmException, UpdateParentFailedException, PermissionDeniedException {
     final ProjectControl projectControl =
         projectControlFactory.controlFor(projectName);
 
+    Capable r = projectControl.canPushToAtLeastOneRef();
+    if (r != Capable.OK) {
+      throw new PermissionDeniedException(r.getMessage());
+    }
+
     try (MetaDataUpdate md = metaDataUpdateFactory.create(projectName)) {
       ProjectConfig config = ProjectConfig.read(md, base);
       Set<String> toDelete = scanSectionNames(config);
commit	5cd45d4088b0ed32bb6b2483b7b5038f75792120	[log] [tgz]
author	David Pursehouse <dpursehouse@collab.net>	Tue Sep 27 11:44:27 2016 +0900
committer	David Pursehouse <dpursehouse@collab.net>	Tue Sep 27 11:46:01 2016 +0900
tree	3e90b9c3c6075edc14aace4e0fd4a93a196561af
parent	d605babc37b7d0af183715de78052ca554659d21 [diff]